By a Biometrica staffer
In a big win for those arguing for greater autonomy for consumers on how companies collect and use their personal data, this week, Colorado became the third state, after Virginia and California, to implement a sweeping piece of legislation that lets its residents choose whether or not to share their data with private entities.
The Protect Personal Data Privacy bill, signed into law on Wednesday, July 7, by Governor Jared Polis, will go into effect two years from now, in July 2023. Under it, Coloradans will be able to opt out of data collection and tracking online. It makes it mandatory for internet companies to disclose to users what data is being collected, what the data is used for, and how long the data is stored on the company’s servers. Further, it allows users to request a copy of the data that has been collected and also stipulates that each user has the right to access, correct, or delete any personal data of theirs.
The regulations make concessions based on the size of the business and its user base, and exclude some financial institutions from being subject to the law. One year after it goes into effect, by July 2024, a one-stop-shop privacy control setting will be implemented in browsers, making it easier for consumers to opt out on all the websites they visit, rather than having to individually opt out on each site.
The bill was first introduced in March this year. It coasted through both chambers, enthusiastically supported by lawmakers on both sides of the aisle. In June, the Colorado House approved the bill in a 57–7 vote, followed by the State Senate with a 34–0 vote. It was sent to Gov. Polis for his signature at the end of June.
Opponents have expressed concerns that businesses may struggle with the cost of implementing such tools, and that it could have an adverse effect on them. According to proponents, however, the final version of the bill serves to balance both the needs of businesses and the rights of the consumer. It offers the latter more protection and control over how their personal information is used, but it also allows companies to collect the kind of data they need to operate.
On the other hand, there are some advocates who say the law doesn’t go far enough. The next step for some of them would be for legislators to enact a law that would allow consumers to sue those who violate the data collection regulations.
In the private sector, in April this year, Apple Inc. introduced a feature on iOS devices that forces apps to specifically ask users whether they want to have their data tracked (essentially asking them to opt-in). Some analysts say that less than 33% of iOS users have actually agreed to have their data tracked.
There are also calls for Congress to establish a national, uniform standard for data privacy and consumer data protection. This move seems to be popular with the average American as well, with one study estimating that 83% of American voters, on bipartisan lines, said that this should be a “top” or “important, but lower” priority for Congress in 2021.
You can find a list of the different state-level legislation regarding data privacy and protection here.